Every CVE whose affected-product data names Sofastack Sofarpc, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2023-41331 — CVSS 9.8 (critical): SOFARPC is a Java RPC framework. Versions prior to 5.11.0 are vulnerable to remote command execution. Through a carefully crafted payload…
CVE-2024-23636 — CVSS 9.8 (critical): SOFARPC is a Java RPC framework. SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while the SOFA Hessian…